From c0f274180d471a23333690f8a497324db27ebf09 Mon Sep 17 00:00:00 2001
From: "Matthew C. Morgan"
Date: Thu, 27 Feb 2025 16:17:03 -0500
Subject: [PATCH] update operator naemspace for not plural
---
 .github/workflows/release.yml | 70 ------------------
 .github/workflows/terragrunt-cicd.yml | 101 ++++++++++++++++++++++++++
 README.md | 10 +--
 main.tf | 4 +-
 outputs.tf | 8 +-
 5 files changed, 112 insertions(+), 81 deletions(-)
 delete mode 100644 .github/workflows/release.yml
 create mode 100644 .github/workflows/terragrunt-cicd.yml
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
deleted file mode 100644
index c8ead3b..0000000
--- a/.github/workflows/release.yml
+++ /dev/null
@@ -1,70 +0,0 @@
-# SCT-Engineering/release action
-name: Do Release of Module
-
-# Controls when the workflow will run
-on:
- pull_request:
- types: [opened, reopened, synchronize, labeled, unlabeled]
- push:
- branches:
- - main
- # Allows you to run this workflow manually from the Actions tab
- workflow_dispatch:
-
-permissions:
- id-token: write
- contents: write
- pull-requests: write
-
-# A workflow run is made up of one or more jobs that can run sequentially or in parallel
-jobs:
- # This workflow contains a single job called "Release"
- Release:
- # The type of runner that the job will run on
- runs-on: ["229685449397"]
- if: "!startsWith(github.event.head_commit.message, 'bump:')"
-
- steps:
- - uses: CSVD/gh-actions-checkout@v4
- id: checkout
- with:
- token: "${{ secrets.PERSONAL_ACCESS_TOKEN }}"
- fetch-depth: 0
-
- - name: Setup GITHUB Credentials
- id: github_credentials
- uses: CSVD/gh-auth@main
- with:
- github_app_pem_file: ${{ secrets.GH_APP_PEM_FILE }}
- github_app_installation_id: ${{ vars.GH_APP_INSTALLATION_ID }}
- github_base_url: "${{ github.server_url }}/"
-
- - name: Create bump and changelog
- uses: CSVD/commitizen-action@main
- with:
- github_token: ${{ secrets.PERSONAL_ACCESS_TOKEN }}
- changelog_increment_filename: body.md
-
- - uses: CSVD/gh-actions-checkout@v4
- - run: |
- date > generated.txt
- # Note: the following account information will not work on GHES
- git config user.name "github-actions[bot]"
- git config user.email "{user.id}+{user.login}@users.noreply.github.e.it.census.gov"
- git add .
- git commit -m "generated"
- git push
- # - name: Push doc to Github Page
- # uses: peaceiris/actions-gh-pages@v4
- # with:
- # personal_token: ${{ secrets.PERSONAL_ACCESS_TOKEN }}
- # publish_branch: gh-pages
- # publish_dir: ./site
- # user_name: "github-actions[bot]"
- # user_email: "github-actions[bot]@users.noreply.github.com"
- # - name: Release
- # uses: ncipollo/release-action@v1
- # with:
- # tag: v${{ env.REVISION }}
- # bodyFile: "body.md"
- # skipIfReleaseExists: true
diff --git a/.github/workflows/terragrunt-cicd.yml b/.github/workflows/terragrunt-cicd.yml
new file mode 100644
index 0000000..a78523e
--- /dev/null
+++ b/.github/workflows/terragrunt-cicd.yml
@@ -0,0 +1,101 @@
+name: 'Terraform Module CI'
+
+on:
+ push:
+ branches:
+ - main
+ paths:
+ - '**/*.hcl'
+ - '**/*.tf'
+ pull_request:
+ branches:
+ - main
+ paths:
+ - '**/*.hcl'
+ - '**/*.tf'
+
+permissions:
+ contents: read
+ pull-requests: write
+
+jobs:
+ validate:
+ name: 'Validate Module'
+ runs-on: self-hosted
+
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v3
+
+ - name: Setup Terraform
+ uses: hashicorp/setup-terraform@v2
+ with:
+ terraform_version: 1.5.0
+
+ - name: Terraform Init
+ run: |
+ terraform init -backend=false
+
+ - name: Terraform Format
+ run: |
+ terraform fmt -check
+
+ - name: Terraform Validate
+ run: |
+ terraform validate
+
+ - name: Run tflint
+ uses: terraform-linters/setup-tflint@v3
+ if: github.event_name == 'pull_request'
+
+ - name: Lint Terraform
+ if: github.event_name == 'pull_request'
+ run: |
+ tflint --format compact
+
+ release:
+ name: 'Create Release'
+ needs: validate
+ if: github.ref == 'refs/heads/main' && github.event_name == 'push'
+ runs-on: self-hosted
+ permissions:
+ contents: write
+
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v3
+ with:
+ fetch-depth: 0
+ token: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Setup Python
+ uses: actions/setup-python@v4
+ with:
+ python-version: '3.9'
+
+ - name: Install Commitizen
+ run: |
+ pip install commitizen
+
+ - name: Configure Git
+ run: |
+ git config --local user.email "action@github.com"
+ git config --local user.name "GitHub Action"
+
+ - name: Bump Version and Generate Changelog
+ id: cz
+ run: |
+ cz bump --yes
+ echo "new_version=$(cz version --project)" >> $GITHUB_OUTPUT
+ echo "changelog=$(cz changelog --dry-run)" >> $GITHUB_OUTPUT
+
+ - name: Create Release
+ uses: actions/create-release@v1
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ with:
+ tag_name: v${{ steps.cz.outputs.new_version }}
+ release_name: Release v${{ steps.cz.outputs.new_version }}
+ draft: false
+ prerelease: false
+ body: ${{ steps.cz.outputs.changelog }}
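Review bot: In the `Bump Version and Generate Changelog` step, `echo "changelog=$(cz changelog --dry-run)" >> $GITHUB_OUTPUT` writes a multi-line value in the single-line `name=value` form, so the output file is malformed and any changelog line shaped like `name=value` (the changelog is built from commit messages) may be read as a separate step output such as `new_version`. Writing the text to a file and passing it by path avoids this: `cz changelog --dry-run > body.md` in the step, and `body_path: body.md` in place of `body:` on `actions/create-release@v1`. Separately, the `release` job holds `contents: write` on a `self-hosted` runner while running an unpinned `pip install commitizen` and actions referenced by mutable tags (`actions/checkout@v3`, `actions/setup-python@v4`, `actions/create-release@v1`); pinning the package version and the actions to full commit SHAs would narrow that supply-chain exposure. The `validate` job also inherits the workflow-level `pull-requests: write` although no visible step uses it, and it runs pull-request code on the self-hosted runner, so it is worth confirming that only trusted contributors can open pull requests here.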
diff --git a/README.md b/README.md index 3b34d86..a5e44c0 100644 --- a/README.md +++ b/README.md @@ -123,9 +123,9 @@ EOF | Name | Version | |------|---------| -| [aws](#provider\_aws) | 5.87.0 | +| [aws](#provider\_aws) | 5.88.0 | | [helm](#provider\_helm) | 2.17.0 | -| [kubernetes](#provider\_kubernetes) | 2.35.1 | +| [kubernetes](#provider\_kubernetes) | 2.36.0 | ## Modules @@ -138,7 +138,7 @@ EOF | Name | Type | |------|------| | [helm_release.console_access](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource | -| [kubernetes_namespace.operators](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource | +| [kubernetes_namespace.operator](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace) | resource | | [kubernetes_network_policy.operators_default](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource | | [kubernetes_storage_class.ebs_encrypted](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/storage_class) | resource | | [kubernetes_storage_class.efs_sc](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/storage_class) | resource | 
@@ -170,8 +170,8 @@ EOF | [module\_name](#output\_module\_name) | The name of this module. | | [module\_version](#output\_module\_version) | The version of this module. | | [network\_policies](#output\_network\_policies) | Map of network policies applied to namespaces | -| [operators\_namespace](#output\_operators\_namespace) | The namespace for the operators. | -| [operators\_namespace\_labels](#output\_operators\_namespace\_labels) | Labels applied to the operators namespace | +| [operator\_namespace](#output\_operator\_namespace) | The namespace for the operators. | +| [operator\_namespace\_labels](#output\_operator\_namespace\_labels) | Labels applied to the operators namespace | | [rwo\_storage\_class](#output\_rwo\_storage\_class) | Kubernetes storage class that supports read/write once. | | [rwx\_storage\_class](#output\_rwx\_storage\_class) | Kubernetes storage class that supports read/write many. | | [storage\_classes](#output\_storage\_classes) | Map of all storage class names and their configurations | diff --git a/main.tf b/main.tf index 402b050..336b4a3 100644 --- a/main.tf +++ b/main.tf @@ -83,7 +83,7 @@ resource "kubernetes_storage_class" "efs_sc" { mount_options = ["tls"] } -resource "kubernetes_namespace" "operators" { +resource "kubernetes_namespace" "operator" { metadata { name = var.operators_ns labels = { @@ -96,7 +96,7 @@ resource "kubernetes_namespace" "operators" { resource "kubernetes_network_policy" "operators_default" { metadata { name = "default-deny" - namespace = kubernetes_namespace.operators.metadata[0].name + namespace = kubernetes_namespace.operator.metadata[0].name } spec { diff --git a/outputs.tf b/outputs.tf index a28d138..5bb798d 100644 --- a/outputs.tf +++ b/outputs.tf 
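Review bot: The first main.tf hunk changes the resource address from `kubernetes_namespace.operators` to `kubernetes_namespace.operator` with no `moved` block in the visible hunks, so wherever this module has already been applied Terraform would likely plan to destroy and recreate the namespace, taking the `default-deny` network policy and everything else in that namespace with it. A `moved` block with `from = kubernetes_namespace.operators` and `to = kubernetes_namespace.operator` keeps the existing object in state. The second main.tf hunk only follows the new address, and both resource bodies continue outside the hunks. The outputs.tf hunk likewise renames `operators_namespace` and `operators_namespace_labels`, which breaks any caller still reading the old output names, so the change deserves a breaking-change entry in the release notes.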
@@ -73,14 +73,14 @@ output "efs_dns_name" { # Operators ################################################################################ -output "operators_namespace" { +output "operator_namespace" { description = "The namespace for the operators." - value = kubernetes_namespace.operators.metadata[0].name + value = kubernetes_namespace.operator.metadata[0].name } -output "operators_namespace_labels" { +output "operator_namespace_labels" { description = "Labels applied to the operators namespace" - value = kubernetes_namespace.operators.metadata[0].labels + value = kubernetes_namespace.operator.metadata[0].labels } ################################################################################